Many sites, such as YouTube, use a simple redirect link when a user clicks on an outgoing link on their pages. In most cases this is done to track which links are more popular and clicked more often by users. In this simple video, I show how this feature can be abused by malware authors and spammers, and for phishing. The funny thing is that this redirection vulnerability has been around for way too long, and it's tough to figure out why sites would still want to use it.

Have a look at these 2 links which I posted on Reddit and Digg as proof of concept. The identified "site" by these websites is YouTube, but after redirection they simply land on SecurityTube.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.